Generally speaking, biometrics involves comparing a person’s physical features to the image of those features stored on a computer in order to determine or verify a person’s identity. However, privacy and the values that give our society meaning are being reduced in the name of security. We must insist on creating additional rules and laws to protect the fabric of our society. As biometric technology broadens, a wide range of abuses can occur. These abuses could negatively impact a person’s daily life in terms of privacy and right to chose what is being captured about you and how it’s used. Values that people hold dear to their freedom are also being threatened by the growing presence of biometric technology. I will explore the use of biometric technology to weigh the need for security against the invasiveness to personal privacy and risks of abuse if there are not more legal guidelines to govern and control this technology.

It’s late at night, do you know where you identity is? Biometric Technology does and it’s eroding the very fabric of your privacy both individually and our collective privacy rights by gathering, storing and distributing our most personal information in massive databases (BigData) of federal and local law enforcement agencies. Biometric Technology or Biometrics for short, is also on the job at your place of work. The attack on your privacy starts out harmlessly yet there are databases amassing petabytes (1,024 terabytes) of data on customers, employees, citizens and their habits. Say, your doctor simply wants to run some tests. After all, you came to her, so where’s the harm in that? But that EEG or EKG scan which helps the doctor assess the condition of your health, are also cutting edge data of what also provide some of the most unique and potentially revealing aspects of your health and mental state. What if that got into the wrong hands?

The fingerprint reader in your laptop wants to make sure it’s really you. So you swipe your finger a few times and you’re in! No password is necessary, just a piece of you. Pieces of Data come from everywhere. You’re shopping, so you hand over your debit card to pay for it. Before you’re done you have to sign your name on a signature recognition device to approve the sale. Now you’re beginning to see that even small commercial establishments are in on this data collection process. Just like that, they’ve got your shopping patterns and some financial information tied to your signature. Little do you realize that your signature and your purchases will be collected, stored in databases, and passed along through communications channels and acted upon by some mysterious software algorithms? This information is being bought and sold all the time, while broadening its distribution. Before you know it, biometric information and other harmless bit of data are combined to form a profile potentially making you a ‘Person of Interest.’ If you doubt that, go to any browser and type “Collusion” for website tracking. You are being watched and information is being gathered.

Sure there are advantages to biometrics. At work, accessing the business systems or certain secure areas like research or the data center will require something unique about you. We think nothing about it. We like Biometrics when it allows us through long awaiting lines faster or spares us the hassle of remembering multiple passwords and recovering lost ID cards. Digital signature or digitized versions of our speech and face can feel like a real time saving benefit to our daily lives. Security verification keeps advancing and now it has advanced to the point where the way we walk can be verified by a technology called “gait” pattern recognition. Proponents of the technology are first to remind us that the technology makes identity fraud more difficult and can save organizations time and money in administrative costs.

We think of a free society as one in which people have constitutional rights to life, liberty, and the pursuit of happiness. This common assumption is partially supported by the 5th Amendment of Declaration of Independence citing “life, liberty, or property.” The amendment states that we cannot be deprived of them without due process of law. Yet where is due process when your face or your walk pattern is taken right out of the air and recorded without your knowledge or permission? While we’re pursuing our dreams as law abiding citizens, there’s a presumption that the immediate physical space around us and our physical bodies will not be invaded by other persons, companies or governments. However these other entities have a different perspective. For them, they consider much of what they are capturing is information in the public domain.

We have some very bad people in our society and outside of it as well trying to do us harm. Biometrics is helping law enforcement fight the threat of crime and terrorism, but what about privacy? Governments and corporations would argue, why can’t we capture your face through facial recognition or the way you walk (gait pattern recognition) if it’s out in the open already? If you’re in the running as a job candidate for a progressive company, their first question is who are you? For the person who’s standing in the immigration line to enter the country, the authorities want to know whether or not this person can be authenticated? These and countless other identity management questions are what are driving biometric technology development and its wide spread use.

Identity management is just not that simple. It’s a complex, fast growing and far reaching business. We need assurances for our privacy that may come from the activities and ongoing development of laws being designed to protect our freedoms. We need a vehicle that explains the new rules behind Biometrics and takes into account what we value. We need methods that explain what’s being captured about us in the name security. We also need law enforcement and remedies made available to us for possible abuses. A larger part of this work is being done by an identity task force. This task force is The American Bar Association (ABA) who is also working with other associations, businesses, universities and government agencies form the U.S., Canada, EU and Australia. Their goal, identify and scrutinize the legal issues that are connected to the development, implementation and use of identify management systems. Their work thus far has been summarized in a document entitled “The Emerging Legal Framework for Identity and Access Management.” (2012). We wish them great speed and success.

As security professional, I have a lot to say about the wide spread use of Biometric Technology and the many ethical questions surrounding application on our privacy. I’ll have a lot more to say about Biometrics in coming blogs on Privacy vs. Biometrics. What say you?